We’re rolling out end-to-end encryption for voice and video calls! We’d like to share why we’re bringing E2EE A/V to Discord, share our design and implementation goals, and provide a high-level technical overview of how it works.
  • Zak@lemmy.worldEnglish
    0·
    2 days ago

    I’m confused by why they would do this, and at the same time, why not for private text messages.

    I’m in favor of encrypting as much communication as possible, but I don’t think many of Discord’s users were complaining that their voice chart wasn’t secure. I’d expect more of them to care about text chart, which is less effort to spy on.

  • mox@lemmy.sdf.orgEnglish
    0·
    2 days ago

    Discord’s audio and video end-to-end encryption (“E2EE A/V” or “E2EE” for short)

    That last bit is a little concerning. E2EE is widely understood to mean full end-to-end encryption of communications, not selective encryption of just the audio/video bits while passing the text around in the clear. If Discord starts writing “E2EE” for short when describing their partial solution, it is likely to mislead people into thinking their text chats are protected, or thinking that Discord is comparable to real E2EE systems. They aren’t, and it isn’t.

    We want an E2EE A/V protocol that is publicly auditable

    Their use of the word “auditable” here is also concerning. What does it mean for a protocol to be auditable? Sure, it’s nice that they’re publishing their design, but that doesn’t allow independent audit of the implementation that actually runs on their servers and (importantly) our devices. Without publicly auditable code that can be independently, built, run, and used instead of the binaries they provide, there’s no practical way to know that it matches the design that was reviewed. Without a way to verify that the code being run is the code that was inspected, claiming that the system was audited is misleading.

    The protocol uses Messaging Layer Security (MLS) for group key exchange

    Interesting. This makes me think their motivation for doing this might be compliance with the European Digital Markets Act. If that is the case, perhaps they also have a plan in the works for protecting text chats?

    • schizo@forum.uncomfortable.businessEnglish
      0·
      2 days ago

      Their whole writeup is somewhwere between “trust me bro” and “enough holes you can legally sell it as swiss cheese”.

      I’m utterly confused as to who the target market for this is since their current userbase clearly does not care if shits encrypted or not, and any even remotely privacy oriented person is going to have the exact same take you did.

  • subignition@piefed.socialEnglish
    0·
    2 days ago

    I am WAY too unqualified to understand any of the technical stuff, so I’ll be waiting to hear thoughts from experts on this one. It looks like if there are no major flaws in it this is a great thing for the platform overall.

  • simple@lemm.eeEnglish
    0·
    2 days ago

    It’s weird that they’re adding E2EE on voice but not in private DMs, which is probably everybody’s biggest concern when it comes to security on Discord.